If you have recently started to here reports of users not being able to change there Azure AD / Office 365 Passwords then you may want to continue reading;

Previously,

If an administrator set a user to Force change password at next logon i.e. when they reset a user passwords it allowed password synchornized users tochange their cloud password and that updated password would not sync back to on-premises. This in turn caused major issues for customers who relied on password synchronization to keep passwords in sync, because it effectively allowed users to set two different passwords in two different locations.

Users that are synchronized to Azure Active Directory are unableto ‘Change‘ or ‘Update’ password when ‘Password Sync’ is enabled and “Password Writeback” has not been enabled or configured will now receive an error message like:

“Your Organization does not allow you tochange your password on this site. Please change your password according to the method recommended by your organization, or ask your admin if you need help”

This is because we recently made a changeto only allow users that are synchronized to Azure AD and are using password sync tochange their passwords if the Password Writeback feature is available. If a customer wants to update password sync’d user passwords from the cloud, he or she must use the Password Writeback feature.

Any customer who does not want password writeback, but wants users to be able to manage their own passwords, should convert those user accounts to managed user accounts such that they are no longer synchronized from on-premises.

I am sure that you have heard that the Azure Active Directory Team have been hard at work and recently placed Azure AD Business to Business (B2B) in to public preview, which enables organizations to share applications & services that they currently use with external business guest / partners etc. and obtain your feedback prior to us placing this feature in to General Availability.

A common scenario in the developer world is where organizations connect Visual Studio Online with a Corporate Azure Active Directory, up until this feature release administrators have always had to manage Azure AD accounts for partners/business guests or have had to result in using Microsoft Accounts (Consumer Identities) which has always been frowned up on and for good reason to be honest, as consumer accounts should be avoided in the world of Business & Enterprise!

In this article the aim is to show you how to configure Visual Studio Online to use Azure AD accounts that are created as part of you Inviting Partners / Business Guests in to your Azure AD. If you want to read further information about the feature as a whole, please refer to the link above.

Unfortunately it is early days at this moment in time, and so this particular deployment does require a bit of a 2 step process to get your external users using Visual Studio Online.

Email: Email address for invited user.DisplayName: Display name for invited user (typically, first and last name).InviteAppID: The ID for the application to use for branding the email invite and acceptance pages.InviteReplyURL: URL to which to direct an invited user after invite acceptance. This should be a company-specific URL (such as contoso.my.salesforce.com). If this optional field is not specified, the inviting company’s Access Panel URL is generated (this URL is of the form https://account.activedirectory.windowsazure.com/applications/default.aspx?tenantId=<TenantID>).InviteAppResources: AppIDs to which applications can assign users. AppIDs are retrievable by calling Get-MsolServicePrincipal | fl DisplayName, AppPrincipalIdInviteGroupResources: ObjectIDs for groups to add user to. ObjectIDs are retrievable by calling Get-MsolGroup | fl DisplayName, ObjectIdInviteContactUsUrl: “Contact Us” URL to include in email invitations in case the invited user wants to contact your organization.

Invite User Accounts

Select “Users in Partners Companies” and upload CSV File that you created previously.

End User Experience

Each of the users that you sent out an invite to will get an e-mail like the following example:

Once they click on the link, they will be taken to a page like the following example: [branding is my demo branding]

NOTE: In this scenario, you would normally configure the Reply URL to send the user to the application once accepted. In this instance I would recommend you sending the users to a static landing page stating that there account will be abled in X amount of time. The reason for this is because you will have to go and add the user to the VSO Permissions once the account has been created. Unfortunately there is no ‘Sync’ Between the Invite Process & VSO Group Memberships and at the moment you can’t add AAD Groups to VSO Groups which would of course make it more streamlined.

Once the invite has been accepted, as a collection admin you shall now be able to go and add the e-mail ID that you invited in to the relevant VSO Group. Once this has been done, the user will now be able to login to VSO using their Work Account and access your VSO Collection.

I am sure many of you out there have been waiting for the Microsoft Band to come to the UK! Today, we announced that this is now happening and will be available from April 15th through Amazon, Currys PC World, Dixons Travel, Harrods, Microsoft Store and O2.

Microsoft Health is an opencloud-based service that helps you live a healthier lifestyle by providing actionable insights based on data gathered from the fitness devices and apps that you use every day. It is designed to work with you, no matter what phone or service you use. We’ve got some great partnerships including Runkeeper, MyFitnessPal, MapMyFitness, Microsoft Health Vault and in the U.K., we have an exciting partnership with Nuffield Health who are leaders in fitness and wellbeing. Find out more

Microsoft Band is the first device powered by Microsoft Health. Live healthier by tracking your heart rate, calorie burn and sleep quality alongside comprehensive fitness features such as on-board GPS for run and cycle tracking. It also includes Guided Workouts, which is like having a personal trainer on your wrist. In addition, the Microsoft Band helps you be more productive with calendar alerts, email previews and access to Cortana with Windows Phone3. And to make it easy to get up and running, the Microsoft Band works with the phone you already own; Windows, iOS and Android. Find out more here.